Interesting new dns failures
Gadi Evron
ge at linuxbox.org
Tue May 22 21:16:18 UTC 2007
On Tue, 22 May 2007, David Ulevitch wrote:
>
<snip>
> These questions, and more (but I'm biased to DNS), can be solved at the
> edge for those who want them. It's decentralized there. It's done the
> right way there. It's also doable in a safe and fail-open kind of way.
>
> This is what I'm talking about.
Agreed.
> > After all, nobody's security being affected by the edge of some end-user
> > machine on the other side of the world is irrelevant to my edge
> > security. FUSSP.
> >
> > DNS abuse is mostly not an edge issue.
>
> I disagree. DNS is the enabler for many many issues which are edge
> issues. (Botnets, spam, etc)
There you did it, you said the B word. Now all the off-topic screamers
will flame. :)
Botnets, spam, etc. are symptoms, and DNS is abused to help them
along. DNS abuse, i.e. abuse of DNS, is a DNS issue.
David, we agree - just talking of similar issues which are.. different.
Gadi.
More information about the NANOG
mailing list